In Business : BBC Radio 4 FM : August 11, 2016 08:30PM-09:00PM BST
There Is No Preview Available For This Item
This item does not appear to have any files that can be experienced on Archive.org.
Please download files in this item to interact with them on your computer.
Show all files
What can business do to defend itself against the growing army of corporate spies?
🔗 We deploying it because it is the best possible response to a particular form of
🔗 instability that we see why are we.
🔗 Deploying special forces because it's politically expedient to do you say
🔗 and I think that's very difficult to answer
🔗 when it's impossible to get a new nation about where they've been used
🔗 and what the goals were
🔗 and sending them into begin with our time's up panel thank you very much.
🔗 I hope listeners feel themselves briefed.
🔗 Now go and invade North Korea until next week.
🔗 The program was presented by David Aaronovitch and the producer was Mike Wendling.
🔗 The briefing room is now available as pod cast you can search online
🔗 or visit the Radio four website
🔗 that people used to call it is live much longer than people who do not this
🔗 summer. Don't forget to pack the best dramas and readings from B.B.C.
🔗 Radio four and for extra legal and English when it's disappeared from the train.
🔗 How would YOU react if I said that I'm not from guilt for doctoral
🔗 but from a small planet somewhere in the vicinity of Beetlejuice I always keep the
🔗 conversation based on planet Earth showing from science fiction to political
🔗 thrillers all are available to download free
🔗 and take with you wherever you go fun isn't it.
🔗 It's amazing discover more about four stories on the B.B.C.
🔗 Radio four website.
🔗 What I want right here for it's time for business and this week. P.
🔗 Today delves into the murky world of espionage
🔗 and here's how it's becoming ever harder to keep your company's most valuable
🔗 secret safe from prying eyes
🔗 so great.
🔗 So the glosses here which will pop on just show it is just a regular parable
🔗 actually in the bridge of the no. We've got a pinhole camera.
🔗 So I can just be stationed here and move around going into an office and.
🔗 Filming without anyone knowing I'm doing
🔗 that afternoon as we know from James Bond spying is
🔗 covered under cover secret one of the few places where it has a public face is the
🔗 spy master shop in the West End of London. From here.
🔗 They've been supplying security systems to governments and corporations
🔗 and individuals for some twenty years.
🔗 My name's to be a wing director spy master Portman Square spies of always being
🔗 fast adopters of new technology.
🔗 And I was going to show you if you just want to
🔗 record a meeting.
🔗 I have a great pen here which is completely normal just by the clip
🔗 that goes on the out so you can I push
🔗 that down activates it so I'll get about ten hours of really good voice recording
🔗 with that might pick up range of about five meters.
🔗 Here a little coffee cup which I could be sticking from just a regular takeaway
🔗 coffee cup and any of the nine coffee shop.
🔗 If you look closely there's a tiny hole in the lid and that's the camera.
🔗 So I could be standing here and dipping my coffee but filming.
🔗 It's more than just tell tale coffee cups
🔗 and pens every day there are hundreds of attempted espionage raids on businesses
🔗 all over the world.
🔗 We know that because a few of them are forced to break cover and admit
🔗 that security has been breached and data exposed
🔗 but nobody knows how big this threat really is businesses everywhere are very
🔗 reluctant to talk in public about what's happening to them this program is an
🔗 attempt to shed some light on a number of key matter as famous as becoming a very
🔗 worrying corporate liability. And it's not always as high tank as people think.
🔗 Here's a case
🔗 that wrapped up in January this year though it began long before
🔗 that on a bright spring day in the rolling acres of Iowa in the middle of the USA
🔗 Clinton Griffis followed the story closely for his national television program
🔗 called AG day.
🔗 So was May third of two thousand
🔗 and eleven field manager from Dupont pioneer striving along a dirt road
🔗 and sees a car pulled over on the side and a gentleman crouched over in the dirt.
🔗 Digging seeds out of his field.
🔗 And this is a freshly planted field
🔗 that has some of the highest most expensive genetics the company owns it's the
🔗 future of their product and there's a man that looks to be Chinese in the field
🔗 and it is not a common sight in Taman Iowa the band's name turned out to be moe
🔗 Hyde long Dupont Pioneer is a leading seed producer
🔗 and developing the seeds in this field has taken them more than five years
🔗 and millions of dollars. The company's failed manager wants to the what's going on.
🔗 Mulholland gave a rehearsed answer one he'd used before saying he was on his way to
🔗 a research conference and they were just kind of checking things out
🔗 and looking at at fields along the way and then the manager's phone rang
🔗 and it was right then that Mojang his partner jumped in the rental car
🔗 and turned around on the dirt road
🔗 and drove off in fact MOHAI long was director of international business for a
🔗 Chinese biotech company called D.B.M. Part owned by the Chinese government.
🔗 He's got a home in Florida his wife and children are American citizens
🔗 and he's lived in the USA for twenty years the seed company alerted the F.B.I.
🔗 and They tailed him along with five other men agents watched as they spent time
🔗 examining fields of crops in Iowa
🔗 and Illinois grown from seeds from Du Pont pioneer. And its raw.
🔗 Well company Monsanto as these groups were traveling the countryside talking about
🔗 what they were doing the F.B.I.
🔗 Has recordings of what they were saying in fact a couple of these gentlemen were
🔗 talking that they were breaking some of the rules of intellectual property and
🔗 and made it to it on these tapes
🔗 that what they were doing is kind of espionage in fact
🔗 that turns out to have been a stream of cases similar to this one across the USA in
🔗 recent years.
🔗 Members of the Chinese military have been charged with espionage
🔗 for the first time we're exposing the faces
🔗 and names behind the keyboards in Shanghai. You know the F.B.I.
🔗 Releasing video of this sting operation where a Chinese C.E.O. The F.B.I.
🔗 Says cases of corporate espionage have doubled in the past two years
🔗 and ninety five big corporations are involved. Boeing Motorola U.S.
🔗 Steel Google Westinghouse.
🔗 And the spying attacks seem almost always to be emanating from China.
🔗 Says says Eric O'Neill. He's an acclaimed former F.B.I.
🔗 Counterintelligence operator who now works in the commercial sector.
🔗 Look we make fun of China right.
🔗 They copy things like the Eiffel Tower or entire European towns
🔗 but we should denigrate them for this. There's a strategy behind it.
🔗 You can be very successful if you take information
🔗 or you take technology you innovated a tiny bit
🔗 and you produce it cheaper than those who developed it since one thousand nine
🔗 hundred seventy nine.
🔗 China has carefully orchestrated a state led affair were what they want to do is
🔗 direct economic espionage in order to develop their economy.
🔗 Because what truly drives a country is the economy more
🔗 and more it's a sort of corporate espionage map of the world
🔗 that you carry in your head when the threats are coming from all the time.
🔗 They're certainly countries
🔗 that are more interested in spying China being I think at the very top of
🔗 that list
🔗 but Russia whose culture is very much based in the spy game is certainly one of
🔗 the main proponents of spying
🔗 and then of course many other countries spy as as they want to provide a corporate
🔗 advantage to their own industry
🔗 when you say countries do you mean national spying on behalf of
🔗 national interests of corporate interests
🔗 or is this company is from those places spy What's the main move.
🔗 It's both.
🔗 When a company spies against another company which routinely happens we think of
🔗 corporate trade secrets attacks
🔗 when a country spies on behalf of their companies in order to provide a
🔗 technological or economic advantage.
🔗 We're looking at what's called industrial espionage on twee spying back years in
🔗 the West spying back in just the same way.
🔗 We are spying back
🔗 but it's not part of our traditional approach to spy on companies we are interested
🔗 in the true game of spying which is military secrets political secrets the sort of
🔗 that you would expect spy agencies to be going after despite the sustained alarm
🔗 bells. But a very few successful prosecutions
🔗 and China has always denied being involved.
🔗 Even so last year President Obama
🔗 and President Xi announced they'd reached what was called a common understanding on
🔗 curbing corporate espionage
🔗 and the experts say there has been a fold in Internet attacks.
🔗 But no one is suggesting that the risk is disappeared.
🔗 One reason that the Du Pont pioneer case was resolved.
🔗 that seed secrets involving plants growing in the ground a very hard to keep secure.
🔗 And the company's spies. We caught redhanded Fintan Griffiths again.
🔗 The man had kind of finished their work post-harvest and so they had gone
🔗 and collected all the samples that they felt they needed are could get this year
🔗 and so they were ready to leave.
🔗 They gathered up all their supplies and they headed for the airport in Chicago
🔗 but the agents stopped them as they were getting ready to board and
🔗 when they check their bags. The F.B.I.
🔗 Agents found bulk size microwave popcorn boxes.
🔗 Well inside
🔗 and actually beneath the actual microwave popcorn were about one hundred small
🔗 manila envelopes of seed with meticulously written codes on each packet.
🔗 So these folks could use them again whenever they got to China
🔗 and sell all of those seeds were all confiscated.
🔗 But the men were allowed to leave and haven't been seen or heard from since.
🔗 Except that is for most high long.
🔗 Mo headed back to Miami and was arrested there
🔗 and then was charged in this case and he is the only one of the six
🔗 that we know of that have been arrested and charged
🔗 and he is facing sentencing now despite the results of the prosecution neither
🔗 Dupont pioneer or no Monsanto willing to discuss the case.
🔗 We've got the same radio silence so many other threaten companies here in Britain
🔗 few of them want to discuss an issue that makes them sound vulnerable.
🔗 But here is a business that will talk its wary of exposing its secrets
🔗 but not too alarmed.
🔗 This is a fact in west London
🔗 and I'm on a production line on the production line is making bicycles
🔗 in go the wheels and that one over that.
🔗 The cable still have to be linked up to the big ears on the brakes
🔗 and then that'll be ready for all sales. What do you do.
🔗 I'm pale
🔗 but I only just found.
🔗 Thank the bicycles are Brompton bicycle that distinctive folding bike.
🔗 That's made a big name for itself worldwide from its London origins.
🔗 Only a medium sized business but it's busy expanding internationally into Asia.
🔗 And Brunton is the kind of innovative company
🔗 that could be vulnerable to rivals eager to copy its secrets.
🔗 Especially when it's about one bale a new concept.
🔗 It's been working on behind the scenes for a long time
🔗 and here we have the new development up front to.
🔗 Will the flat Adams is the chief executive of Brompton in front of us now is a real
🔗 step change.
🔗 This is an electric bicycle nobody knows about it yet because it doesn't reach the
🔗 marketplace until sometime next year as you can see.
🔗 Pretty much the same as a normal bicycle ten seconds
🔗 and you're off the difference is that now when you hit the hills you get help
🔗 and you want to sweat.
🔗 This is eight years of work we are working with partners all over the world
🔗 using innovation from industries from ever nautical Formula one
🔗 all different types of industries. Do you take a lot of can.
🔗 To stop your secrets leaking out.
🔗 We take a considerable amount of cash but not too much cash.
🔗 The problem with secrets is if you get too obsessed with your secrets you spend all
🔗 day. Worrying spending money protecting over protecting
🔗 that then you're not running fast enough.
🔗 You know innovating fast enough
🔗 and actually the best protection for innovation is keep innovating
🔗 and innovating faster.
🔗 Because somebody else come up with something better than what you're doing in a
🔗 different way
🔗 and you're already behind our driveways keep moving keep moving keep moving
🔗 and by manufacturing in the U.K.
🔗 We're not giving our manufacturing to a third party doing it here is an important
🔗 part of keeping development keeping innovation within the within the camp yes.
🔗 The physical location of our manufacturing site is probably one of our biggest ways
🔗 by which we protect our IP because there is not an industry our industry in this
🔗 part of the world.
🔗 So the migration of our knowledge which is easy in our staff our most precious
🔗 asset is held here have been spied upon. They have the brain spies.
🔗 We have had people who come in here
🔗 and I have met you can feel it virtually I mean maybe that's a bit of a dodgy
🔗 strategy but we've had people who we are wary about and we react according to
🔗 that form happens when your way or something you just don't show them so much.
🔗 Yes you don't hear anything like as much.
🔗 You're short your shop
🔗 and I mean the reality is what we're looking at now is you know bits of metal bits
🔗 of plastic if you poke a was it is nothing there that.
🔗 Is any IP You know there is something that you need
🔗 but it's far far too deep for you to waltz off
🔗 and set up your own bike electric bike company but having said
🔗 that as the knowledge becomes more available as we have drawings
🔗 that are finished drawings we start transmitting those in different parts the world.
🔗 We have to be increasingly more careful a lot of corporations
🔗 when they go to places like China tell their executives not to take their existing
🔗 laptops with them not even to take their existing phones with them.
🔗 Do you have that kind of restriction on the on travelling no
🔗 and maybe we should actually there are some very simple things
🔗 that you can tie in how you induct people how you make sure
🔗 when you're training them that there are secrets
🔗 and anything they do in the company is a secret little things like that
🔗 that we're behind on the.
🔗 You ought to be doing more than Will Butler Adams a Brompton bikes.
🔗 As everyone knows the world is becoming ever more interconnected
🔗 and ever more vulnerable.
🔗 Let's go back to central London
🔗 and the spymaster shops earlier equipment for corporate spies to use to be a wing
🔗 again technology changed dramatically.
🔗 First of all now we have satellite technology which enables us to not only hear
🔗 track but also see via satellite. So worldwide.
🔗 We never had that before mobile phone SIM cards have changed things completely
🔗 and wife by the cameras back in the day we always had limitations on this because
🔗 we had heat and all frequencies and you have limits.
🔗 With me as a keen observer of all this.
🔗 Charlie McMurdo the thirty two years in the metropolitan police in London
🔗 specializing in electronic crime.
🔗 Now the use of the special gadgets the drones
🔗 and the very long distance spying equipment on there the voice changing box there
🔗 but everybody's now a mobile phone app
🔗 and you've got things you carry around with you.
🔗 Memory sticks and then maybe another computer
🔗 and then of course wireless you're connected to the company all the time and
🔗 that makes the company vulnerable. That's right.
🔗 So things such as your mobile phone. Could be compromised.
🔗 When your using it in an insecure lifeline network for example.
🔗 So anyone wanting to capture the data from your phone could do it through normal
🔗 and that's what presents a really big risk because people don't see their personal
🔗 devices as being as risky as using computers
🔗 and technology within the business but they have the same day.
🔗 They can perform the same functions so perhaps present an even greater risk.
🔗 This is ramping up the vulnerability of corporate security enormously isn't it.
🔗 It is particularly if companies fail to recognize the risk with what their
🔗 employees what their staff are actually doing how they're sending data off the
🔗 corporate network.
🔗 I've heard of people dropping us bees just outside a company headquarters which
🔗 somebody is bound to pick up take inside
🔗 and plug into the company network through their computer very easy with had
🔗 that before where data sticks have been infected with malware
🔗 that been left in positions where somebody is likely to pick them up
🔗 or they're being given out at conferences and plugged into the corporate network
🔗 and there's your access
🔗 and then something inside the company like a photocopier used to be just a
🔗 photocopy or it's digital now isn't it. Exactly.
🔗 Now it captures all the data that it's actually copying
🔗 and we had a big spate of copy is actually been discarded
🔗 and then anybody who wants the data
🔗 or off them can route through the local rubbish dump of the recycling center pick
🔗 up those hard drives and retrieve the data from them
🔗 and now here comes the Internet of Things.
🔗 If everything in the world gets its own addressable internet identity then.
🔗 All those theoretically could become input points for the cyber spy couldn't it.
🔗 Exactly. They all present an opportunity that cyber criminals can exploit.
🔗 But the law simply can't keep pace with this not international law
🔗 or any way the law
🔗 or enforcement it is a real challenge not only the volume of attacks
🔗 that are taking place but also the global challenge with different legislation
🔗 that has to be applied in different parts of the world.
🔗 So with all these things your job as it was your police job has.
🔗 Not hugely more problematic. Than even when you started.
🔗 It's become far more complex exactly like the networks
🔗 that we have to investigate have become far more complex.
🔗 It's not like a traditional investigation way you've got one scene of one suspect
🔗 blood on the pavement.
🔗 This could be spread around the world generally in most murder your family of the
🔗 Metropolitan Police now a consultant with the international business services firm
🔗 Pricewaterhouse Coopers So if new technology is making law enforcement a huge
🔗 challenge won't. Can you do to defend your business.
🔗 This is a company called
🔗 context information security where they put company security defenses to the test
🔗 context I as operates mostly in cyberspace probing how a corporate computer system
🔗 stands up to hackers from outside.
🔗 Owen Wright conducts penetration testings for big companies.
🔗 It's known as red teaming your most trying to build an attack path
🔗 that shows how an attacker could get all the way from the outside of an
🔗 organization to its key data.
🔗 The important thing is to know how the real attackers do it
🔗 and emulate them as closely as possible.
🔗 So the first phase of a typical test is the reconnaissance face doing research on
🔗 social networks like Linked In to identify people who work at the organization.
🔗 What roles they have what technologies
🔗 and systems are in use the more information you can get that stage.
🔗 The more likely you are to have to be able to successfully attack an organization.
🔗 Because the rise of social networking house is extraordinarily complicated the
🔗 picture hasn't it. People are using social networks at work.
🔗 Overlaid on the the computer system they're working with within the corporation on
🔗 that means that.
🔗 They're giving away a lot of information about themselves as workers.
🔗 As well as private individuals. Absolutely. You can take fairly small details.
🔗 Like if someone had posted a photo of themselves in the office you might be able to
🔗 see something on their computer screen
🔗 that indicated they're running a vulnerable piece of software
🔗 that you could target.
🔗 We've done
🔗 that in previous writing engagements red teaming like this is a combination of
🔗 understanding technology and understanding human nature.
🔗 So I'm writing an e-mail now and I'm adding my malicious attachment to it.
🔗 We've created a convincing looking pretext here.
🔗 He uses a very potent weapon in the armory of the cyber spy.
🔗 This is a highly targeted approach known as spear fishing a way for spies to worm
🔗 their way into the target company computer system they send an email
🔗 that looks as though it's from someone or some business.
🔗 You know
🔗 but in fact it's from criminals who want to bring call their way into the corporate
🔗 A really common way that organizations
🔗 and people are targeted in spearfishing attacks is to send an e-mail
🔗 that is in Thai thing an interesting.
🔗 For example sending a document salary details twenty sixteen.
🔗 It's highly likely that the people who receive that e-mail will open it and if
🔗 that document was maybe tracked it could allow the attacker to take over those
🔗 people's computers.
🔗 You can speak of in some cases the e-mail address from which you're sending the
🔗 So even though it's coming from the attacker It might look like it's coming from
🔗 inside the organization in which case it creates a much more realistic scenario if
🔗 an organization had moved into a new set of offices
🔗 and you knew there was work going on in those offices.
🔗 You could target employees who worked in
🔗 that office by sending an e-mail talking about the works
🔗 and inviting them to to click a link in e-mail to find out more information.
🔗 Make sure think that company shouldn't allow email altogether doesn't it.
🔗 Tradeoff between security need ability.
🔗 If you want to be more secure the female mate may well be away
🔗 but you know it's a very important business tool same time have we not built a
🔗 system that we have to assume it's going to be hacked
🔗 or maybe do something that's entirely off system about it put our secrets into some
🔗 completely different.
🔗 Arena lock them away in a physical vault and never let them be put on.
🔗 Any sort of computer network at all.
🔗 that the way for a company to let's say keep its intellectual property safe
🔗 and sound. Yeah the difficulty there is that if you do
🔗 that you can never use your secret say if your secrets a nuclear launch codes then
🔗 you could very well have them locked away in a dark room somewhere
🔗 but the problem with all that information is that it's going to be used
🔗 and I think what organizations are doing more and more is accepting
🔗 that sometimes the attackers will get in and developing ways of spotting them
🔗 and then removing them from the network.
🔗 So it's not just about protecting the outside
🔗 and creating a hard right a shell it's about also having visibility of what's going
🔗 on inside particularly around the key places where all the sensitive data in the
🔗 corporate secrets are kept. Irwin right at context I-S. In London.
🔗 Yes keeping company secrets safe from cyber spies is really hard to do.
🔗 Even the best design prevention systems of a know defense
🔗 when it's an insider who breaches your security.
🔗 This is a cautionary tale from a chief executive whose company was almost destroyed
🔗 when its vital secrets were leaked with one billion dollars wiped off its stock
🔗 market value the U.S.
🔗 Department of Justice has described this as attempted corporate homicide.
🔗 DANBERG downs American Superconductor corporation makes the software
🔗 that drives wind turbines than are being used all over the world to generate
🔗 renewable electricity. The company decided to expand.
🔗 And rapidly in China
🔗 and it knew it had strenuously to protect its technology its encrypted the software
🔗 spit vital intellectual property between different graphic locations
🔗 and stayed on God but that wasn't enough.
🔗 The company's suddenly discover
🔗 that its most valuable trade secrets had been stolen.
🔗 We had learned that at one test site in China
🔗 when turbans were continuing to operate with a new version of the software
🔗 that had not been yet released to the market so to be empowered had stolen.
🔗 It had been pirated has been stolen and I think the surprise in all this
🔗 when people hear our story is that it's stolen by a European employee and
🔗 that European employee conspired with the Chinese company
🔗 and Chinese employees in management of that company to perpetrate this theft
🔗 and inside a key employees had been flamed to China
🔗 and paid handsomely to hand over the computer code at the heart of the company's
🔗 wind turbine control system.
🔗 He was tried convicted and jailed the evidence is overwhelming.
🔗 It reads like a major motion picture out of Hollywood.
🔗 You couldn't keep your crown jewels safe.
🔗 If you had an employee who was willing to sell them is that the essence of this.
🔗 I think the essence of it is
🔗 that your biggest threat is not only going to come from the outside
🔗 and attacks cyber attacks on electronic assets
🔗 but one of the biggest threats are actually your people and your employees.
🔗 If you motivate someone the right way with the right amount of money.
🔗 I think he was offered women he was offered a new life in China
🔗 that if you motivate them properly to steal any company is susceptible to
🔗 that it may be softer it may be intellectual property
🔗 but this is a story about an individual.
🔗 Well it's a very old old and familiar story in a way isn't it.
🔗 Well it's familiar if you go back to how you know Cold War spy craft it was an act
🔗 it a lot of the techniques
🔗 that the Chinese used with this individual really were to try to turn him as an
🔗 asset in the Cold War people I think you know executives
🔗 or industrialists look at these things as fiction.
🔗 You know we read them in novels or rehear stories but as we've learned more
🔗 and we've gotten more involved with counterintelligence part of our government
🔗 these techniques are not unique.
🔗 And this is rampant going on on a daily basis against a lot of Western companies.
🔗 Than began.
🔗 It has to be said
🔗 that despite the conviction in Austria home to Americans superconductors research
🔗 The Chinese company is still fighting the corporations legal action in the Chinese
🔗 This is an awful warning to companies who may think they've taken precautions to
🔗 keep their vital secrets safe from prying eyes secrets are as safe as the people
🔗 who look after them. There's nothing new about corporate spying.
🔗 But in the connected world.
🔗 The threats of multiplied businesses have to develop a new a litmus to stop them.
🔗 Most valuable assets being hacked stolen and made pretty much worthless
🔗 and they can happen overnight.
🔗 And business was produced by the sea hook at the present it was P. Today.
🔗 Next week's program looks at the potential of virtual reality technology.
🔗 That another fit us if the false hopes hinting at a new particle effects the Large
🔗 Hadron Collider his chances of finding something else
🔗 and he'll be visiting the Tower of London to spot crime intelligence on B.B.C.
🔗 Inside science in a couple of minutes.
🔗 From Edinburgh corn will capitalism press brilliantly trashed his stories to cope
🔗 with freshly printed music particularly rain
🔗 and the role of the continent singularity.